ICO: The GDPR regime will not mean changes in its appetite for fining

The government’s statement of intent on Monday this week to legislate in GDPR-style also confirmed GDPR-level fines, but the Information Commissioner, Elizabeth Denham, says that maximum fines will not become the norm.

Writing in a blog today, Denham states that issuing fines has always been, and will continue to be, a last resort: ‘We have never invoked our maximum powers. Predictions of massive fines under the GDPR that simply scale up penalties we’ve issued under the Data Protection Act are nonsense.’

Denham says that the ICO intends to use new GDPR powers proportionately and judiciously.

‘Like the DP Act, the GDPR gives us a suite of sanctions to help organisations comply – warnings, reprimands, corrective orders. While these will not hit organisations in the pocket – their reputations will suffer a significant blow.’

Commenting on the government’s plans, Denham said: "We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public."